Ohio Man Accused of Spying on Thousands Via Malware

CLEVELAND (CN) – An Ohio man said to have developed malware that infected personal and government computers was charged Wednesday with using the malicious software to spy on thousands of Americans for more than a decade.

Prosecutors say Phillip Durachinsky, 28, developed “Fruitfly” to infect computers running macOS but also created a version for the Windows operating system. The malware gave Durachinsky remote access to infected computers from his home in North Royalton, 20 miles south of Cleveland in Cuyahoga County, Ohio, according to the indictment released Wednesday.

“For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications,” Acting Assistant Attorney General John Cronan said in a statement. “This case is an example of the Justice Department’s continued efforts to hold accountable cybercriminals who invade the privacy of others and exploit technology for their own ends.”

According to prosecutors, from 2003 to early 2017, Durachinsky infected thousands of computers.

The indictment alleges Durachinsky saved and created detailed notes after stealing millions of images, and that the malicious “Fruitfly” software alerted him if his victims were using pornography-related search words.

Once the malware was installed, Durachinsky was able to steal stored data, uploaded files and screenshots, and to log keystrokes, prosecutors say. Unbeknownst to his victims, he allegedly listened to and watched their interactions and conversations by turning on their cameras and microphones using a control panel that he ran on a computer at his home.

“The control panel allowed defendant to manipulate computers infected with the Fruitfly malware and had a visual interface that allowed defendant to view live images and data from several infected computers simultaneously,” the 11-page indictment states.

According to the filing, the malware ended up on computers owned by individuals, companies, schools, a police department, local, state and federal government entities, and perhaps most alarmingly, a computer owned by a subsidiary of the U.S. Department of Energy, which is responsible for the safe handling of nuclear materials and the maintenance of the nation’s nuclear arsenal.

The government charges Durachinsky with stealing sensitive information including passwords, tax, bank and medical records, photographs, web searches and “potentially embarrassing communications,” the Justice Department said in a news release. Prosecutors say he also used login credentials to access and download information from third-party websites.

The indictment also alleges that Durachinsky produced child pornography. Though there are few details, the indictment states the defendant “did use a minor and minors to engage in sexually explicit conduct” and that “such visual depiction was produced and transported in and affecting interstate and foreign commerce.”

Northern Ohio U.S. Attorney’s Office spokesman Mike Tobin said Durachinsky was arrested in January 2017 and has been in custody since.

Last year, Case Western Reserve University contacted the FBI in Cleveland to report that a hacker had installed malware on its network. The government then charged Durachinsky in a criminal complaint on Jan. 24, 2017.

The FBI said that it had seized a laptop belonging to Durachinsky that included the client control software. He had infected at least 10 Case Western computers, according to the complaint.

An investigation revealed that the computers had been infected for several years. Law enforcement was able to trace Durachinsky, a Case Western alumnus, through his alumni email account, according to last year’s complaint.